package com.fengmi.config;

import com.fengmi.security.MyAccessDenied;
import com.fengmi.security.MyBasicAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


/**
 * @Author 123
 * @Date 2022/1/25 20:25
 * @Version 1.0
 */

//@Configuration
//@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyAccessDenied accessDenied;

    // 放行静态资源
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/swagger-ui.html/**","/css/**","/images/**","/plugins/**","/webjars/**",
                "/swagger-resources/**","/v2/**"
        );
    }

    // 放行系统资源
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //登录请求必须放行
                .antMatchers("/user/login","/user/verify").permitAll()
                //除了以上资源，剩下的http资源都必须登录后才能访问
                .anyRequest().authenticated();

        //关闭ccrf过滤器
        http.csrf().disable();

        //解决跨域
        http.cors();
        //重写认证，校验token
        //http.addFilter(new MyBasicAuthenticationFilter(authenticationManager()));
        // 配置403异常处理
        http.exceptionHandling().accessDeniedHandler(accessDenied);
    }
}

